Mission planner usually says that the motors are drawing approximately 5A to 7A so I generally assumed the motors weren’t under that much load. I am now questioning those readings given the damage to the board, shown below.

The bottom of damaged relay board.

I remember checking the relay board after one of the motors stopped working, but I was relying on the LEDs to confirm the relay was triggering properly. This was the wrong way to check the board, because the LEDs light up when 5V is applied to the header pins, not when the relay actually closes.

I also seem to recall hearing the relay “click” when triggered, but because the wire trace in the board was burnt up, no current could flow through the board, whether the relay was engaged or not. Because the back of the board was hidden and I couldn’t see the burnt up wire trace, I assumed the relays were good and moved on. I’ll check the module later, but the relays probably still work fine.

Lessons Learned

My Mission Planner current readings are probably wrong.

I don’t think I have the current sensor calibrated or configured properly. Either that, or mission planner does some kind of smoothing of current measurements that doesn’t reveal maximum current flow, only the average over the measurement period. The Mission planner output is total current consumed by the robot, meaning 7A is used for everything. This shouldn’t have caused a problem, in theory. Obviously, there is a disconnect between reality and theory somewhere.

You get what you pay for.

This relay board was $3 plus shipping. The header pins were a nice setup, and the fact that the relays could be triggered with 5V is the main reason I bought them. I had a convenient 5V source to switch them with, so I tried to keep things simple. Unfortunately the board was undersized for the task, as you can even see heat damage to the conductor that isn’t completely split. I should have known there was a problem when I couldn’t fit 12ga wire into the screw terminals on the board and had to use 16ga wire instead. Not good.

Fuses are critical for protecting components and preventing fire.

I’ve been skeptical of going to the trouble of putting fuses in my robot, partly from a cost perspective but mostly from an “ain’t nobody got time fo dat” mentality. This failure could have been a more critical component. If the relay board hadn’t failed, I could have fried the Sabertooth, or worse, started a fire in the enclosure. While I’ve focused my safety efforts on the spinning blades, this is an equally important area to get right.

Remember Occam’s Razor when troubleshooting.

When one motor spins but the other one doesn’t, which is more likely:

The Sabertooth motor controller is fried, but only halfway fried.

There’s a connectivity problem to the motor that doesn’t turn.

Taking a step back to asses the problem can save a lot of useless troubleshooting, like tearing the Sabertooth out and testing it. Use common sense. Start checking the simplest failure modes first, moving to more complicated failure modes until the root cause is found.

Going Forward

To switch current to the motor controller I am going to add a much larger 50A relay to this system. I’ll then use one of these smaller boards to switch the 50A relay. The coil current consumed by the 50A relay should be much lower than the current consumed by the drive motors on the robot.

This weekend I had some time to install my emergency stop switch. At first I thought I would keep things simple and just mount the emergency stop switch on top of the control enclosure and route one of the battery wires straight through the safety switch. Sounds simple, right? This method, however, presents two big issues:

Hitting the emergency stop switch shuts power off to the entire rover.

A high current carrying wire has to run through the control enclosure.

The first item above is an issue because we want to be able to communicate an emergency shut down state to the ground control laptop. If all the power is shut off to the rover, a power failure and an emergency shut down will appear identical from the ground control’s perspective.

The second item is an issue because it defeats the purpose of separating the power and control electronics. The constraint here is that the emergency stop switch has to be mounted on top of the control enclosure so it is visible, accessible, and in a safe location, but we can’t have a high power wire running through it. We want to keep those noisy high current wires away from sensitive electronics.

The solution? A relay! Or more specifically, a set of relays. We’ll have the emergency switch trigger a relay that cuts power to the drive motors only in an emergency state. We’ll also keep all the high current wires contained to the power enclosure.

The wiring diagram for the emergency stop system.

The FIT0156 emergency stop switch has two integral switches triggered by the big red button. One is NC and the other is NO. Our system uses the NC switch. When the button is pressed, the switch opens and prevents 5V from flowing to the CH1 and CH2 pins on the relay module. This opens the motor circuit, immobilizing the rover.

The IM120525001 2 channel relay was only $3, but I wasn’t sure if it would be large enough to conduct the current needed by the motors. I decided to take a gamble, and I’m glad I did. The module works very well. The spec sheets say it can conduct up to 30A at 24VDC. The only drawback is that the screw terminals on the module aren’t big enough for 14 gage wire. I had to use 16 gage wire instead.

I measured current flow between the 5V output on the Mauch BEC and VCC on the IM120525001 module and my ammeter said it consumes 170mA, a little bit high for my liking, but manageable. The Mauch BEC is rated for 3A, so it shouldn’t be a big issue.

I oversized both enclosures knowing there would be additional things I add later, and I am glad that I did. The emergency stop switch and relay module both fit nicely in my enclosures.

The power enclosure with the relay module mounted nicely in the lower right. Both of the motors have one wire routed through the relay module before connecting to the Sabertooth motor controller.

I used one of my remaining 8 pins on the DB15 breakout board to route the emergency stop switch down to the power box. This wire goes to both the CH1 and Ch2 pins on the relay module. When you hit the button both motor circuits are opened.

The big red button installed on the rover. Be sure to include large, clear signage stating that this is how you shut it off!

So the total cost of our emergency system:

Emergency stop switch, $6

Relay module, $3

Emergency stop sticker, $2

Miscellaneous wire, $1

Tack on a few dollars for shipping and sales tax for those items and you’re still easily under $20. Not too shabby.

Eventually the rover will have a spinning blade of death on it. Before we get to that point we need to include some safety mechanisms. Let’s be real: these features aren’t just for innocent bystanders. You’re the one tinkering with this thing. Do yourself a favor and invest in some simple safety features. They don’t have to be expensive or complicated.

Safety is your responsibility! Only you can keep this adorable kitty cat safe.

The goal of a safety system is to ensure that at all times the rover is in a safe state. What is a safe state, you ask? Well, that depends. Say the spinning blade of death is barreling toward a small kitten. A safe state would be one in which it stops barreling toward that kitten. So tell the motors to stop spinning, right?

Well, maybe. But what if the rover is on an incline, and could start rolling backward? That’s certainly not safe. Well, then put the brakes on, you may say. Sure, that might work. But what if you already hit the kitten and the poor thing is stuck under the spinning blade of death already? Now what?

The above scenario may seem preposterous, and it is unlikely. But it illustrates an important point: you need to be proactive about identifying safetyrisks.

Safety system design is a whole discipline in itself, but there’s one thing we can all agree on: a safe state is one in which the spinning blade of death stops spinning. So let’s add a simple emergency stop switch to shut off the spinning blade of death.

Right now our rover isn’t equipped with such a feature, but we can wire it into the drive motors so that when you hit the emergency stop switch, the rover stops moving. Down the road we’ll also wire it into the motor powering the mower blade.

I don’t need an emergency stop switch. I have an on off switch and I’m smart enough to know how to use it.

-Me, before the rover slams into my shin

For an emergency stop switch to do any good, it needs to be identifiable. Think you’re on off switch is good enough? It may be for you, but can a person who has never seen your rover before identify it? Possibly, but we can’t assume that. Our emergency stop switch needs to be a big red button with a giant label by it saying Emergency Shut Off Switch or something of that nature. This way your grandma could easily figure out that this button will turn off the spinning blade of death.

Your E-stop also needs to be accessible. This means that it can be easily pressed by anyone. It’s not on the back side of your rover near the bottom. It’s front and center, located in an area where a person could quickly press the button if your rover were coming right at them. Set it at a height that your 4 year old niece could reach if your rover is of any significant size. What good is an E-stop if it can’t be reached?

Related to making your E-stop accessible, be sure to put it in a safe location. I know, that sounds awfully obvious, but be cognizant of what’s around your button. Is there a hot surface near it? Bad place for your E-stop. Is it near your spinning wheels? Also a bad place. Use common sense.

Lastly, your E-stop should put the rover into a safe state. What that looks like depends uniquely on your situation. In this case, it means the motors are de-energized.

Next time I’ll show what this kind of system looks like for the rover V2.